Protecting Microsoft Networks with ISA Server 2004

Slides: 19
Provided by: Revi150
1
Protecting Microsoft Networks with ISA Server 2004
  • Enhanced Exchange/VPN Support
  • By Thomas W. Shinder, M.D.
  • ISAserver.org
  • TACTEAM

2
Traditional Firewall Security
Packet Filters worked great!
CEO: Is our network secure?
PIX Admin: Yes, I've configured packet filters to block all attacks. PIX IS SECURITY
3
What's on Tap
  • Informal presentation
  • What's new and improved in Exchange Server remote
    access connectivity and protection
  • What's new and improved in the ISA Server 2004
    VPN Server and Gateway

4
ISA Server 2004 Enhanced Exchange Server Protection
  • Forms-based authentication
  • Improved Exchange Publishing Wizard
  • Support for OMA/ActiveSync Publishing
  • RADIUS support for OWA Web Publishing scenarios
  • SSL to SSL Bridging
  • HTTP Security Filter protects SSL connections
    (SSL to SSL bridging)

5
ISA Server 2004 Forms-Based Authentication
  • Prevents caching of credentials
  • Controls session time-outs
  • Closes connection when user leaves site
  • Prevents attachment access or viewing
  • Delegates Basic authentication
  • Supports all versions of Exchange

6
ISA Server 2004 Enhanced Exchange Publishing Wizard
  • Publish OWA/OMA/ActiveSync
  • Intuitive connection bridging interface
  • Certificates actually appear in console!
  • Create Web listeners on the fly
  • Does the rule configuration "heavy-lifting"
  • Still need to prepare the network infrastructure
    to make it all work

7
ISA Server 2004 Support for OMA/ActiveSync Publishing
  • Adds /OMA/
  • Adds /Microsoft-Server-ActiveSync/
  • Still need to configure the network
    infrastructure and split DNS
  • Also need to configure Exchange Server SSL and
    authentication settings

8
ISA Server 2004 RADIUS Support for OWA Publishing
  • Use RADIUS to authenticate remote OWA users
  • ISA Server 2004 does not need to be member of the
    domain
  • Not supported for Forms-based authentication
  • Use IPSec between ISA Server 2004 box and RADIUS
    server (PAP used)

9
ISA Server 2004 SSL to SSL Bridging
  • Client terminates SSL at the ISA Server 2004
    firewall
  • ISA Server 2004 firewall initiates second SSL
    link to Exchange Server
  • ISA Server 2004 firewall inspects connection
    while in transient unencrypted state
  • SSL to HTTP also supported (not recommended)

10
ISA Server 2004 HTTP Security Filter Protects OWA/OMA/ActiveSync Connections
  • SSL to SSL encryption breaks open the SSL tunnel
  • HTTP Security Filter examines HTTP data moving
    through the tunnel
  • Can control virtually any aspect of the
    connection and block based on variety of
    characteristics

11
ISA Server 2004 Enhanced VPN Server and Gateway
  • Support for IPSec Tunnel Mode for
    interoperability
  • User/Group based access control from VPN clients
    to any other location
  • Lock down VPN client access only to required
    resources
  • User/group based access control also possible for
    VPN site to site links
  • VPN SecureNAT client now supported!

12
ISA Server 2004 IPSec Tunnel Mode Support
  • We've been waiting for this for years
  • Supports IPSec tunnel mode with multiple third
    parties: Cisco/Checkpoint/Netscreen
  • Not as secure as L2TP/IPSec
  • Detailed configuration article available when
    product releases

13
ISA Server 2004 User/Group based Access Control for Remote Access VPN Clients
  • VPN log on credentials used for access control
  • Limit access to specific servers
  • Limit access to specific protocols
  • Limit access to specific content
  • Limit access to specific servers, using specific
    protocols to obtain specific content
  • Log all VPN remote access client connections
    (user information included)

14
ISA Server 2004 User/Group based Access Control for Site to Site Links
  • Great for branch office scenarios
  • Limit branch office users to specific resources
    on the main office corpnet
  • Log on traffic, Exchange, File servers, and
    that's it
  • Granular access control based on user group

15
ISA Server 2004 VPN SecureNAT Client Support
  • Full Internet access for VPN clients
  • ISA Server 2004 required Firewall client
  • And/or Web Proxy client
  • Can still use Firewall and Web Proxy client
  • Enhance security and protocol support when VPN
    clients configured as Firewall and Web Proxy
    clients

16
ISA Server 2004 Exchange and VPN Summary
  • ISA Server 2004 Rocks
  • FBA and RADIUS pump up the security volume on
    ISA Server 2004 remote access Exchange Server
    security
  • New VPN features make ISA Server 2004 VPN servers
    and gateways best of breed for protecting
    Microsoft networks

17
ISA Server 2004 For More Information
  • Buy my book!
  • ISA Server 2004 Configuration Guide
  • ISA Server 2004 Branch Office Kit
  • ISA Server 2004 Exchange Server Kit
  • ISA Server 2004 VPN Kit
  • ISA Server 2004 Quick Start Guide
  • www.isaserver.org

18
  • www.msfirewall.org/isa2004kits.htm